From: ludo@gnu.org (Ludovic Courtès)
To: 23311@debbugs.gnu.org
Subject: bug#23311: TLS handshake error
Date: Tue, 19 Apr 2016 00:29:50 +0200 [thread overview]
Message-ID: <87y48a7dpd.fsf@gnu.org> (raw)
Sometimes, TLS handshakes fail in strange ways (the following happens
after a dozen of iterations; I’ve enabled GnuTLS debugging in (guix
build download) here):
--8<---------------cut here---------------start------------->8---
$ while ./pre-inst-env guix download https://mirror.hydra.gnu.org/index.html ; do : ; done
[...]
Starting download of /tmp/guix-file.4axVhT
From https://mirror.hydra.gnu.org/index.html...
gnutls: [2565|3] ASSERT: gnutls_constate.c:588
gnutls: [2565|5] REC[0x1d98bd0]: Allocating epoch #1
gnutls: [2565|4] HSK[0x1d98bd0]: Keeping ciphersuite: GNUTLS_ECDHE_ECDSA_AES_128_GCM_SHA256 (C0.2B)
gnutls: [2565|4] HSK[0x1d98bd0]: Keeping ciphersuite: GNUTLS_ECDHE_ECDSA_AES_256_GCM_SHA384 (C0.2C)
gnutls: [2565|4] HSK[0x1d98bd0]: Keeping ciphersuite: GNUTLS_ECDHE_ECDSA_CAMELLIA_128_GCM_SHA256 (C0.86)
gnutls: [2565|4] HSK[0x1d98bd0]: Keeping ciphersuite: GNUTLS_ECDHE_ECDSA_CAMELLIA_256_GCM_SHA384 (C0.87)
gnutls: [2565|4] HSK[0x1d98bd0]: Keeping ciphersuite: GNUTLS_ECDHE_ECDSA_AES_128_CBC_SHA1 (C0.09)
gnutls: [2565|4] HSK[0x1d98bd0]: Keeping ciphersuite: GNUTLS_ECDHE_ECDSA_AES_128_CBC_SHA256 (C0.23)
gnutls: [2565|4] HSK[0x1d98bd0]: Keeping ciphersuite: GNUTLS_ECDHE_ECDSA_AES_256_CBC_SHA1 (C0.0A)
gnutls: [2565|4] HSK[0x1d98bd0]: Keeping ciphersuite: GNUTLS_ECDHE_ECDSA_AES_256_CBC_SHA384 (C0.24)
gnutls: [2565|4] HSK[0x1d98bd0]: Keeping ciphersuite: GNUTLS_ECDHE_ECDSA_CAMELLIA_128_CBC_SHA256 (C0.72)
gnutls: [2565|4] HSK[0x1d98bd0]: Keeping ciphersuite: GNUTLS_ECDHE_ECDSA_CAMELLIA_256_CBC_SHA384 (C0.73)
gnutls: [2565|4] HSK[0x1d98bd0]: Keeping ciphersuite: GNUTLS_ECDHE_ECDSA_AES_128_CCM (C0.AC)
gnutls: [2565|4] HSK[0x1d98bd0]: Keeping ciphersuite: GNUTLS_ECDHE_ECDSA_AES_256_CCM (C0.AD)
gnutls: [2565|4] HSK[0x1d98bd0]: Keeping ciphersuite: GNUTLS_ECDHE_ECDSA_3DES_EDE_CBC_SHA1 (C0.08)
gnutls: [2565|4] HSK[0x1d98bd0]: Keeping ciphersuite: GNUTLS_ECDHE_RSA_AES_128_GCM_SHA256 (C0.2F)
gnutls: [2565|4] HSK[0x1d98bd0]: Keeping ciphersuite: GNUTLS_ECDHE_RSA_AES_256_GCM_SHA384 (C0.30)
gnutls: [2565|4] HSK[0x1d98bd0]: Keeping ciphersuite: GNUTLS_ECDHE_RSA_CAMELLIA_128_GCM_SHA256 (C0.8A)
gnutls: [2565|4] HSK[0x1d98bd0]: Keeping ciphersuite: GNUTLS_ECDHE_RSA_CAMELLIA_256_GCM_SHA384 (C0.8B)
gnutls: [2565|4] HSK[0x1d98bd0]: Keeping ciphersuite: GNUTLS_ECDHE_RSA_AES_128_CBC_SHA1 (C0.13)
gnutls: [2565|4] HSK[0x1d98bd0]: Keeping ciphersuite: GNUTLS_ECDHE_RSA_AES_128_CBC_SHA256 (C0.27)
gnutls: [2565|4] HSK[0x1d98bd0]: Keeping ciphersuite: GNUTLS_ECDHE_RSA_AES_256_CBC_SHA1 (C0.14)
gnutls: [2565|4] HSK[0x1d98bd0]: Keeping ciphersuite: GNUTLS_ECDHE_RSA_AES_256_CBC_SHA384 (C0.28)
gnutls: [2565|4] HSK[0x1d98bd0]: Keeping ciphersuite: GNUTLS_ECDHE_RSA_CAMELLIA_128_CBC_SHA256 (C0.76)
gnutls: [2565|4] HSK[0x1d98bd0]: Keeping ciphersuite: GNUTLS_ECDHE_RSA_CAMELLIA_256_CBC_SHA384 (C0.77)
gnutls: [2565|4] HSK[0x1d98bd0]: Keeping ciphersuite: GNUTLS_ECDHE_RSA_3DES_EDE_CBC_SHA1 (C0.12)
gnutls: [2565|4] HSK[0x1d98bd0]: Keeping ciphersuite: GNUTLS_RSA_AES_128_GCM_SHA256 (00.9C)
gnutls: [2565|4] HSK[0x1d98bd0]: Keeping ciphersuite: GNUTLS_RSA_AES_256_GCM_SHA384 (00.9D)
gnutls: [2565|4] HSK[0x1d98bd0]: Keeping ciphersuite: GNUTLS_RSA_CAMELLIA_128_GCM_SHA256 (C0.7A)
gnutls: [2565|4] HSK[0x1d98bd0]: Keeping ciphersuite: GNUTLS_RSA_CAMELLIA_256_GCM_SHA384 (C0.7B)
gnutls: [2565|4] HSK[0x1d98bd0]: Keeping ciphersuite: GNUTLS_RSA_AES_128_CBC_SHA1 (00.2F)
gnutls: [2565|4] HSK[0x1d98bd0]: Keeping ciphersuite: GNUTLS_RSA_AES_128_CBC_SHA256 (00.3C)
gnutls: [2565|4] HSK[0x1d98bd0]: Keeping ciphersuite: GNUTLS_RSA_AES_256_CBC_SHA1 (00.35)
gnutls: [2565|4] HSK[0x1d98bd0]: Keeping ciphersuite: GNUTLS_RSA_AES_256_CBC_SHA256 (00.3D)
gnutls: [2565|4] HSK[0x1d98bd0]: Keeping ciphersuite: GNUTLS_RSA_CAMELLIA_128_CBC_SHA1 (00.41)
gnutls: [2565|4] HSK[0x1d98bd0]: Keeping ciphersuite: GNUTLS_RSA_CAMELLIA_128_CBC_SHA256 (00.BA)
gnutls: [2565|4] HSK[0x1d98bd0]: Keeping ciphersuite: GNUTLS_RSA_CAMELLIA_256_CBC_SHA1 (00.84)
gnutls: [2565|4] HSK[0x1d98bd0]: Keeping ciphersuite: GNUTLS_RSA_CAMELLIA_256_CBC_SHA256 (00.C0)
gnutls: [2565|4] HSK[0x1d98bd0]: Keeping ciphersuite: GNUTLS_RSA_AES_128_CCM (C0.9C)
gnutls: [2565|4] HSK[0x1d98bd0]: Keeping ciphersuite: GNUTLS_RSA_AES_256_CCM (C0.9D)
gnutls: [2565|4] HSK[0x1d98bd0]: Keeping ciphersuite: GNUTLS_RSA_3DES_EDE_CBC_SHA1 (00.0A)
gnutls: [2565|4] HSK[0x1d98bd0]: Keeping ciphersuite: GNUTLS_DHE_RSA_AES_128_GCM_SHA256 (00.9E)
gnutls: [2565|4] HSK[0x1d98bd0]: Keeping ciphersuite: GNUTLS_DHE_RSA_AES_256_GCM_SHA384 (00.9F)
gnutls: [2565|4] HSK[0x1d98bd0]: Keeping ciphersuite: GNUTLS_DHE_RSA_CAMELLIA_128_GCM_SHA256 (C0.7C)
gnutls: [2565|4] HSK[0x1d98bd0]: Keeping ciphersuite: GNUTLS_DHE_RSA_CAMELLIA_256_GCM_SHA384 (C0.7D)
gnutls: [2565|4] HSK[0x1d98bd0]: Keeping ciphersuite: GNUTLS_DHE_RSA_AES_128_CBC_SHA1 (00.33)
gnutls: [2565|4] HSK[0x1d98bd0]: Keeping ciphersuite: GNUTLS_DHE_RSA_AES_128_CBC_SHA256 (00.67)
gnutls: [2565|4] HSK[0x1d98bd0]: Keeping ciphersuite: GNUTLS_DHE_RSA_AES_256_CBC_SHA1 (00.39)
gnutls: [2565|4] HSK[0x1d98bd0]: Keeping ciphersuite: GNUTLS_DHE_RSA_AES_256_CBC_SHA256 (00.6B)
gnutls: [2565|4] HSK[0x1d98bd0]: Keeping ciphersuite: GNUTLS_DHE_RSA_CAMELLIA_128_CBC_SHA1 (00.45)
gnutls: [2565|4] HSK[0x1d98bd0]: Keeping ciphersuite: GNUTLS_DHE_RSA_CAMELLIA_128_CBC_SHA256 (00.BE)
gnutls: [2565|4] HSK[0x1d98bd0]: Keeping ciphersuite: GNUTLS_DHE_RSA_CAMELLIA_256_CBC_SHA1 (00.88)
gnutls: [2565|4] HSK[0x1d98bd0]: Keeping ciphersuite: GNUTLS_DHE_RSA_CAMELLIA_256_CBC_SHA256 (00.C4)
gnutls: [2565|4] HSK[0x1d98bd0]: Keeping ciphersuite: GNUTLS_DHE_RSA_AES_128_CCM (C0.9E)
gnutls: [2565|4] HSK[0x1d98bd0]: Keeping ciphersuite: GNUTLS_DHE_RSA_AES_256_CCM (C0.9F)
gnutls: [2565|4] HSK[0x1d98bd0]: Keeping ciphersuite: GNUTLS_DHE_RSA_3DES_EDE_CBC_SHA1 (00.16)
gnutls: [2565|4] EXT[0x1d98bd0]: Sending extension EXT MASTER SECRET (0 bytes)
gnutls: [2565|4] EXT[0x1d98bd0]: Sending extension ENCRYPT THEN MAC (0 bytes)
gnutls: [2565|4] EXT[0x1d98bd0]: Sending extension STATUS REQUEST (5 bytes)
gnutls: [2565|4] EXT[0x1d98bd0]: Sending extension SERVER NAME (25 bytes)
gnutls: [2565|4] EXT[0x1d98bd0]: Sending extension SAFE RENEGOTIATION (1 bytes)
gnutls: [2565|4] EXT[0x1d98bd0]: Sending extension SESSION TICKET (0 bytes)
gnutls: [2565|4] EXT[0x1d98bd0]: Sending extension SUPPORTED ECC (12 bytes)
gnutls: [2565|4] EXT[0x1d98bd0]: Sending extension SUPPORTED ECC POINT FORMATS (2 bytes)
gnutls: [2565|4] EXT[0x1d98bd0]: sent signature algo (4.1) RSA-SHA256
gnutls: [2565|4] EXT[0x1d98bd0]: sent signature algo (4.3) ECDSA-SHA256
gnutls: [2565|4] EXT[0x1d98bd0]: sent signature algo (5.1) RSA-SHA384
gnutls: [2565|4] EXT[0x1d98bd0]: sent signature algo (5.3) ECDSA-SHA384
gnutls: [2565|4] EXT[0x1d98bd0]: sent signature algo (6.1) RSA-SHA512
gnutls: [2565|4] EXT[0x1d98bd0]: sent signature algo (6.3) ECDSA-SHA512
gnutls: [2565|4] EXT[0x1d98bd0]: sent signature algo (3.1) RSA-SHA224
gnutls: [2565|4] EXT[0x1d98bd0]: sent signature algo (3.3) ECDSA-SHA224
gnutls: [2565|4] EXT[0x1d98bd0]: sent signature algo (2.1) RSA-SHA1
gnutls: [2565|4] EXT[0x1d98bd0]: sent signature algo (2.3) ECDSA-SHA1
gnutls: [2565|4] EXT[0x1d98bd0]: Sending extension SIGNATURE ALGORITHMS (22 bytes)
gnutls: [2565|4] HSK[0x1d98bd0]: CLIENT HELLO was queued [256 bytes]
gnutls: [2565|5] REC[0x1d98bd0]: Preparing Packet Handshake(22) with length: 256 and min pad: 0
gnutls: [2565|9] ENC[0x1d98bd0]: cipher: NULL, MAC: MAC-NULL, Epoch: 0
gnutls: [2565|5] REC[0x1d98bd0]: Sent Packet[1] Handshake(22) in epoch 0 and length: 261
gnutls: [2565|3] ASSERT: gnutls_buffers.c:1154
gnutls: [2565|10] READ: Got 0 bytes from 0xd
gnutls: [2565|10] READ: read 0 bytes from 0xd
gnutls: [2565|3] ASSERT: gnutls_buffers.c:592
gnutls: [2565|3] ASSERT: gnutls_record.c:1038
gnutls: [2565|3] ASSERT: gnutls_record.c:1158
gnutls: [2565|3] ASSERT: gnutls_buffers.c:1409
gnutls: [2565|3] ASSERT: gnutls_handshake.c:1446
gnutls: [2565|3] ASSERT: gnutls_handshake.c:2757
ERROR: Throw to key `gnutls-error' with args `(#<gnutls-error-enum La TLS-konekto estis finigita neĝuste.> handshake)'.
failed to download "/tmp/guix-file.4axVhT" from "https://mirror.hydra.gnu.org/index.html"
guix download: error: https://mirror.hydra.gnu.org/index.html: download failed
$ guix package -I gnutls
gnutls 3.4.7 out /gnu/store/k1bihwrvcrhjwpxg74d93w9dwsldrvap-gnutls-3.4.7
$ git describe
v0.10.0-298-g4f8cede
--8<---------------cut here---------------end--------------->8---
For reference, the successful handshakes look like this:
--8<---------------cut here---------------start------------->8---
Starting download of /tmp/guix-file.VSDV7l
From https://mirror.hydra.gnu.org/index.html...
gnutls: [2557|3] ASSERT: gnutls_constate.c:588
gnutls: [2557|5] REC[0x222ebd0]: Allocating epoch #1
gnutls: [2557|4] HSK[0x222ebd0]: Keeping ciphersuite: GNUTLS_ECDHE_ECDSA_AES_128_GCM_SHA256 (C0.2B)
gnutls: [2557|4] HSK[0x222ebd0]: Keeping ciphersuite: GNUTLS_ECDHE_ECDSA_AES_256_GCM_SHA384 (C0.2C)
gnutls: [2557|4] HSK[0x222ebd0]: Keeping ciphersuite: GNUTLS_ECDHE_ECDSA_CAMELLIA_128_GCM_SHA256 (C0.86)
gnutls: [2557|4] HSK[0x222ebd0]: Keeping ciphersuite: GNUTLS_ECDHE_ECDSA_CAMELLIA_256_GCM_SHA384 (C0.87)
gnutls: [2557|4] HSK[0x222ebd0]: Keeping ciphersuite: GNUTLS_ECDHE_ECDSA_AES_128_CBC_SHA1 (C0.09)
gnutls: [2557|4] HSK[0x222ebd0]: Keeping ciphersuite: GNUTLS_ECDHE_ECDSA_AES_128_CBC_SHA256 (C0.23)
gnutls: [2557|4] HSK[0x222ebd0]: Keeping ciphersuite: GNUTLS_ECDHE_ECDSA_AES_256_CBC_SHA1 (C0.0A)
gnutls: [2557|4] HSK[0x222ebd0]: Keeping ciphersuite: GNUTLS_ECDHE_ECDSA_AES_256_CBC_SHA384 (C0.24)
gnutls: [2557|4] HSK[0x222ebd0]: Keeping ciphersuite: GNUTLS_ECDHE_ECDSA_CAMELLIA_128_CBC_SHA256 (C0.72)
gnutls: [2557|4] HSK[0x222ebd0]: Keeping ciphersuite: GNUTLS_ECDHE_ECDSA_CAMELLIA_256_CBC_SHA384 (C0.73)
gnutls: [2557|4] HSK[0x222ebd0]: Keeping ciphersuite: GNUTLS_ECDHE_ECDSA_AES_128_CCM (C0.AC)
gnutls: [2557|4] HSK[0x222ebd0]: Keeping ciphersuite: GNUTLS_ECDHE_ECDSA_AES_256_CCM (C0.AD)
gnutls: [2557|4] HSK[0x222ebd0]: Keeping ciphersuite: GNUTLS_ECDHE_ECDSA_3DES_EDE_CBC_SHA1 (C0.08)
gnutls: [2557|4] HSK[0x222ebd0]: Keeping ciphersuite: GNUTLS_ECDHE_RSA_AES_128_GCM_SHA256 (C0.2F)
gnutls: [2557|4] HSK[0x222ebd0]: Keeping ciphersuite: GNUTLS_ECDHE_RSA_AES_256_GCM_SHA384 (C0.30)
gnutls: [2557|4] HSK[0x222ebd0]: Keeping ciphersuite: GNUTLS_ECDHE_RSA_CAMELLIA_128_GCM_SHA256 (C0.8A)
gnutls: [2557|4] HSK[0x222ebd0]: Keeping ciphersuite: GNUTLS_ECDHE_RSA_CAMELLIA_256_GCM_SHA384 (C0.8B)
gnutls: [2557|4] HSK[0x222ebd0]: Keeping ciphersuite: GNUTLS_ECDHE_RSA_AES_128_CBC_SHA1 (C0.13)
gnutls: [2557|4] HSK[0x222ebd0]: Keeping ciphersuite: GNUTLS_ECDHE_RSA_AES_128_CBC_SHA256 (C0.27)
gnutls: [2557|4] HSK[0x222ebd0]: Keeping ciphersuite: GNUTLS_ECDHE_RSA_AES_256_CBC_SHA1 (C0.14)
gnutls: [2557|4] HSK[0x222ebd0]: Keeping ciphersuite: GNUTLS_ECDHE_RSA_AES_256_CBC_SHA384 (C0.28)
gnutls: [2557|4] HSK[0x222ebd0]: Keeping ciphersuite: GNUTLS_ECDHE_RSA_CAMELLIA_128_CBC_SHA256 (C0.76)
gnutls: [2557|4] HSK[0x222ebd0]: Keeping ciphersuite: GNUTLS_ECDHE_RSA_CAMELLIA_256_CBC_SHA384 (C0.77)
gnutls: [2557|4] HSK[0x222ebd0]: Keeping ciphersuite: GNUTLS_ECDHE_RSA_3DES_EDE_CBC_SHA1 (C0.12)
gnutls: [2557|4] HSK[0x222ebd0]: Keeping ciphersuite: GNUTLS_RSA_AES_128_GCM_SHA256 (00.9C)
gnutls: [2557|4] HSK[0x222ebd0]: Keeping ciphersuite: GNUTLS_RSA_AES_256_GCM_SHA384 (00.9D)
gnutls: [2557|4] HSK[0x222ebd0]: Keeping ciphersuite: GNUTLS_RSA_CAMELLIA_128_GCM_SHA256 (C0.7A)
gnutls: [2557|4] HSK[0x222ebd0]: Keeping ciphersuite: GNUTLS_RSA_CAMELLIA_256_GCM_SHA384 (C0.7B)
gnutls: [2557|4] HSK[0x222ebd0]: Keeping ciphersuite: GNUTLS_RSA_AES_128_CBC_SHA1 (00.2F)
gnutls: [2557|4] HSK[0x222ebd0]: Keeping ciphersuite: GNUTLS_RSA_AES_128_CBC_SHA256 (00.3C)
gnutls: [2557|4] HSK[0x222ebd0]: Keeping ciphersuite: GNUTLS_RSA_AES_256_CBC_SHA1 (00.35)
gnutls: [2557|4] HSK[0x222ebd0]: Keeping ciphersuite: GNUTLS_RSA_AES_256_CBC_SHA256 (00.3D)
gnutls: [2557|4] HSK[0x222ebd0]: Keeping ciphersuite: GNUTLS_RSA_CAMELLIA_128_CBC_SHA1 (00.41)
gnutls: [2557|4] HSK[0x222ebd0]: Keeping ciphersuite: GNUTLS_RSA_CAMELLIA_128_CBC_SHA256 (00.BA)
gnutls: [2557|4] HSK[0x222ebd0]: Keeping ciphersuite: GNUTLS_RSA_CAMELLIA_256_CBC_SHA1 (00.84)
gnutls: [2557|4] HSK[0x222ebd0]: Keeping ciphersuite: GNUTLS_RSA_CAMELLIA_256_CBC_SHA256 (00.C0)
gnutls: [2557|4] HSK[0x222ebd0]: Keeping ciphersuite: GNUTLS_RSA_AES_128_CCM (C0.9C)
gnutls: [2557|4] HSK[0x222ebd0]: Keeping ciphersuite: GNUTLS_RSA_AES_256_CCM (C0.9D)
gnutls: [2557|4] HSK[0x222ebd0]: Keeping ciphersuite: GNUTLS_RSA_3DES_EDE_CBC_SHA1 (00.0A)
gnutls: [2557|4] HSK[0x222ebd0]: Keeping ciphersuite: GNUTLS_DHE_RSA_AES_128_GCM_SHA256 (00.9E)
gnutls: [2557|4] HSK[0x222ebd0]: Keeping ciphersuite: GNUTLS_DHE_RSA_AES_256_GCM_SHA384 (00.9F)
gnutls: [2557|4] HSK[0x222ebd0]: Keeping ciphersuite: GNUTLS_DHE_RSA_CAMELLIA_128_GCM_SHA256 (C0.7C)
gnutls: [2557|4] HSK[0x222ebd0]: Keeping ciphersuite: GNUTLS_DHE_RSA_CAMELLIA_256_GCM_SHA384 (C0.7D)
gnutls: [2557|4] HSK[0x222ebd0]: Keeping ciphersuite: GNUTLS_DHE_RSA_AES_128_CBC_SHA1 (00.33)
gnutls: [2557|4] HSK[0x222ebd0]: Keeping ciphersuite: GNUTLS_DHE_RSA_AES_128_CBC_SHA256 (00.67)
gnutls: [2557|4] HSK[0x222ebd0]: Keeping ciphersuite: GNUTLS_DHE_RSA_AES_256_CBC_SHA1 (00.39)
gnutls: [2557|4] HSK[0x222ebd0]: Keeping ciphersuite: GNUTLS_DHE_RSA_AES_256_CBC_SHA256 (00.6B)
gnutls: [2557|4] HSK[0x222ebd0]: Keeping ciphersuite: GNUTLS_DHE_RSA_CAMELLIA_128_CBC_SHA1 (00.45)
gnutls: [2557|4] HSK[0x222ebd0]: Keeping ciphersuite: GNUTLS_DHE_RSA_CAMELLIA_128_CBC_SHA256 (00.BE)
gnutls: [2557|4] HSK[0x222ebd0]: Keeping ciphersuite: GNUTLS_DHE_RSA_CAMELLIA_256_CBC_SHA1 (00.88)
gnutls: [2557|4] HSK[0x222ebd0]: Keeping ciphersuite: GNUTLS_DHE_RSA_CAMELLIA_256_CBC_SHA256 (00.C4)
gnutls: [2557|4] HSK[0x222ebd0]: Keeping ciphersuite: GNUTLS_DHE_RSA_AES_128_CCM (C0.9E)
gnutls: [2557|4] HSK[0x222ebd0]: Keeping ciphersuite: GNUTLS_DHE_RSA_AES_256_CCM (C0.9F)
gnutls: [2557|4] HSK[0x222ebd0]: Keeping ciphersuite: GNUTLS_DHE_RSA_3DES_EDE_CBC_SHA1 (00.16)
gnutls: [2557|4] EXT[0x222ebd0]: Sending extension EXT MASTER SECRET (0 bytes)
gnutls: [2557|4] EXT[0x222ebd0]: Sending extension ENCRYPT THEN MAC (0 bytes)
gnutls: [2557|4] EXT[0x222ebd0]: Sending extension STATUS REQUEST (5 bytes)
gnutls: [2557|4] EXT[0x222ebd0]: Sending extension SERVER NAME (25 bytes)
gnutls: [2557|4] EXT[0x222ebd0]: Sending extension SAFE RENEGOTIATION (1 bytes)
gnutls: [2557|4] EXT[0x222ebd0]: Sending extension SESSION TICKET (0 bytes)
gnutls: [2557|4] EXT[0x222ebd0]: Sending extension SUPPORTED ECC (12 bytes)
gnutls: [2557|4] EXT[0x222ebd0]: Sending extension SUPPORTED ECC POINT FORMATS (2 bytes)
gnutls: [2557|4] EXT[0x222ebd0]: sent signature algo (4.1) RSA-SHA256
gnutls: [2557|4] EXT[0x222ebd0]: sent signature algo (4.3) ECDSA-SHA256
gnutls: [2557|4] EXT[0x222ebd0]: sent signature algo (5.1) RSA-SHA384
gnutls: [2557|4] EXT[0x222ebd0]: sent signature algo (5.3) ECDSA-SHA384
gnutls: [2557|4] EXT[0x222ebd0]: sent signature algo (6.1) RSA-SHA512
gnutls: [2557|4] EXT[0x222ebd0]: sent signature algo (6.3) ECDSA-SHA512
gnutls: [2557|4] EXT[0x222ebd0]: sent signature algo (3.1) RSA-SHA224
gnutls: [2557|4] EXT[0x222ebd0]: sent signature algo (3.3) ECDSA-SHA224
gnutls: [2557|4] EXT[0x222ebd0]: sent signature algo (2.1) RSA-SHA1
gnutls: [2557|4] EXT[0x222ebd0]: sent signature algo (2.3) ECDSA-SHA1
gnutls: [2557|4] EXT[0x222ebd0]: Sending extension SIGNATURE ALGORITHMS (22 bytes)
gnutls: [2557|4] HSK[0x222ebd0]: CLIENT HELLO was queued [256 bytes]
gnutls: [2557|5] REC[0x222ebd0]: Preparing Packet Handshake(22) with length: 256 and min pad: 0
gnutls: [2557|9] ENC[0x222ebd0]: cipher: NULL, MAC: MAC-NULL, Epoch: 0
gnutls: [2557|5] REC[0x222ebd0]: Sent Packet[1] Handshake(22) in epoch 0 and length: 261
gnutls: [2557|3] ASSERT: gnutls_buffers.c:1154
gnutls: [2557|10] READ: Got 5 bytes from 0xd
gnutls: [2557|10] READ: read 5 bytes from 0xd
gnutls: [2557|10] RB: Have 0 bytes into buffer. Adding 5 bytes.
gnutls: [2557|10] RB: Requested 5 bytes
gnutls: [2557|5] REC[0x222ebd0]: SSL 3.3 Handshake packet received. Epoch 0, length: 61
gnutls: [2557|5] REC[0x222ebd0]: Expected Packet Handshake(22)
gnutls: [2557|5] REC[0x222ebd0]: Received Packet Handshake(22) with length: 61
gnutls: [2557|10] READ: Got 61 bytes from 0xd
gnutls: [2557|10] READ: read 61 bytes from 0xd
gnutls: [2557|10] RB: Have 5 bytes into buffer. Adding 61 bytes.
gnutls: [2557|10] RB: Requested 66 bytes
gnutls: [2557|5] REC[0x222ebd0]: Decrypted Packet[0] Handshake(22) with length: 61
gnutls: [2557|4] HSK[0x222ebd0]: SERVER HELLO (2) was received. Length 57[57], frag offset 0, frag length: 57, sequence: 0
gnutls: [2557|4] HSK[0x222ebd0]: Server's version: 3.3
gnutls: [2557|4] HSK[0x222ebd0]: SessionID length: 0
gnutls: [2557|4] HSK[0x222ebd0]: SessionID: c0
gnutls: [2557|4] HSK[0x222ebd0]: Selected cipher suite: ECDHE_RSA_AES_128_GCM_SHA256
gnutls: [2557|4] HSK[0x222ebd0]: Selected compression method: NULL (0)
gnutls: [2557|4] EXT[0x222ebd0]: Parsing extension 'SAFE RENEGOTIATION/65281' (1 bytes)
gnutls: [2557|4] EXT[0x222ebd0]: Parsing extension 'SUPPORTED ECC POINT FORMATS/11' (4 bytes)
gnutls: [2557|4] EXT[0x222ebd0]: Parsing extension 'SESSION TICKET/35' (0 bytes)
gnutls: [2557|4] HSK[0x222ebd0]: Safe renegotiation succeeded
gnutls: [2557|3] ASSERT: gnutls_buffers.c:1154
gnutls: [2557|10] READ: Got 5 bytes from 0xd
gnutls: [2557|10] READ: read 5 bytes from 0xd
gnutls: [2557|10] RB: Have 0 bytes into buffer. Adding 5 bytes.
gnutls: [2557|10] RB: Requested 5 bytes
gnutls: [2557|5] REC[0x222ebd0]: SSL 3.3 Handshake packet received. Epoch 0, length: 2538
gnutls: [2557|5] REC[0x222ebd0]: Expected Packet Handshake(22)
gnutls: [2557|5] REC[0x222ebd0]: Received Packet Handshake(22) with length: 2538
gnutls: [2557|10] READ: Got 1339 bytes from 0xd
gnutls: [2557|10] READ: Got 1199 bytes from 0xd
gnutls: [2557|10] READ: read 2538 bytes from 0xd
gnutls: [2557|10] RB: Have 5 bytes into buffer. Adding 2538 bytes.
gnutls: [2557|10] RB: Requested 2543 bytes
gnutls: [2557|5] REC[0x222ebd0]: Decrypted Packet[1] Handshake(22) with length: 2538
gnutls: [2557|4] HSK[0x222ebd0]: CERTIFICATE (11) was received. Length 2534[2534], frag offset 0, frag length: 2534, sequence: 0
gnutls: [2557|3] ASSERT: gnutls_buffers.c:1154
gnutls: [2557|10] READ: Got 5 bytes from 0xd
gnutls: [2557|10] READ: read 5 bytes from 0xd
gnutls: [2557|10] RB: Have 0 bytes into buffer. Adding 5 bytes.
gnutls: [2557|10] RB: Requested 5 bytes
gnutls: [2557|5] REC[0x222ebd0]: SSL 3.3 Handshake packet received. Epoch 0, length: 333
gnutls: [2557|5] REC[0x222ebd0]: Expected Packet Handshake(22)
gnutls: [2557|5] REC[0x222ebd0]: Received Packet Handshake(22) with length: 333
gnutls: [2557|10] READ: Got 333 bytes from 0xd
gnutls: [2557|10] READ: read 333 bytes from 0xd
gnutls: [2557|10] RB: Have 5 bytes into buffer. Adding 333 bytes.
gnutls: [2557|10] RB: Requested 338 bytes
gnutls: [2557|5] REC[0x222ebd0]: Decrypted Packet[2] Handshake(22) with length: 333
gnutls: [2557|4] HSK[0x222ebd0]: SERVER KEY EXCHANGE (12) was received. Length 329[329], frag offset 0, frag length: 329, sequence: 0
gnutls: [2557|4] HSK[0x222ebd0]: Selected ECC curve SECP256R1 (2)
gnutls: [2557|4] HSK[0x222ebd0]: verify handshake data: using RSA-SHA256
gnutls: [2557|3] ASSERT: gnutls_buffers.c:1154
gnutls: [2557|10] READ: Got 5 bytes from 0xd
gnutls: [2557|10] READ: read 5 bytes from 0xd
gnutls: [2557|10] RB: Have 0 bytes into buffer. Adding 5 bytes.
gnutls: [2557|10] RB: Requested 5 bytes
gnutls: [2557|5] REC[0x222ebd0]: SSL 3.3 Handshake packet received. Epoch 0, length: 4
gnutls: [2557|5] REC[0x222ebd0]: Expected Packet Handshake(22)
gnutls: [2557|5] REC[0x222ebd0]: Received Packet Handshake(22) with length: 4
gnutls: [2557|10] READ: Got 4 bytes from 0xd
gnutls: [2557|10] READ: read 4 bytes from 0xd
gnutls: [2557|10] RB: Have 5 bytes into buffer. Adding 4 bytes.
gnutls: [2557|10] RB: Requested 9 bytes
gnutls: [2557|5] REC[0x222ebd0]: Decrypted Packet[3] Handshake(22) with length: 4
gnutls: [2557|4] HSK[0x222ebd0]: SERVER HELLO DONE (14) was received. Length 0[0], frag offset 0, frag length: 1, sequence: 0
gnutls: [2557|3] ASSERT: gnutls_buffers.c:1145
gnutls: [2557|3] ASSERT: gnutls_buffers.c:1374
gnutls: [2557|4] HSK[0x222ebd0]: CLIENT KEY EXCHANGE was queued [70 bytes]
gnutls: [2557|4] REC[0x222ebd0]: Sent ChangeCipherSpec
gnutls: [2557|9] INT: PREMASTER SECRET[32]: 716e3dcaccba7603e0ebb582523b8843346f6a39b8cf48e2621dca454c10ab86
gnutls: [2557|9] INT: CLIENT RANDOM[32]: 571555d2e90ca30c79a44bfb5819f6b8efd46b4b3624ea6b8fa061f5d0b112e2
gnutls: [2557|9] INT: SERVER RANDOM[32]: 35b4aac815c824fb266db15ca58299fc404184fe9d0bcd7a0b2430648c548757
gnutls: [2557|9] INT: MASTER SECRET: 1c79b7539323f17b5208443b95ad00d350ff0161b792bda105ca16617af059fb3bfe7aae6917cd99c4dc2a12c2e66fea
gnutls: [2557|5] REC[0x222ebd0]: Initializing epoch #1
gnutls: [2557|9] INT: KEY BLOCK[40]: 53c329765d368833c6633081fe69fc63065ea7a51deab4bc5e06a43067e85a2e
gnutls: [2557|9] INT: CLIENT WRITE KEY [16]: 53c329765d368833c6633081fe69fc63
gnutls: [2557|9] INT: SERVER WRITE KEY [16]: 065ea7a51deab4bc5e06a43067e85a2e
gnutls: [2557|5] REC[0x222ebd0]: Epoch #1 ready
gnutls: [2557|4] HSK[0x222ebd0]: Cipher Suite: ECDHE_RSA_AES_128_GCM_SHA256
gnutls: [2557|4] HSK[0x222ebd0]: Initializing internal [write] cipher sessions
gnutls: [2557|4] HSK[0x222ebd0]: recording tls-unique CB (send)
gnutls: [2557|4] HSK[0x222ebd0]: FINISHED was queued [16 bytes]
gnutls: [2557|5] REC[0x222ebd0]: Preparing Packet Handshake(22) with length: 70 and min pad: 0
gnutls: [2557|9] ENC[0x222ebd0]: cipher: NULL, MAC: MAC-NULL, Epoch: 0
gnutls: [2557|5] REC[0x222ebd0]: Sent Packet[2] Handshake(22) in epoch 0 and length: 75
gnutls: [2557|5] REC[0x222ebd0]: Preparing Packet ChangeCipherSpec(20) with length: 1 and min pad: 0
gnutls: [2557|9] ENC[0x222ebd0]: cipher: NULL, MAC: MAC-NULL, Epoch: 0
gnutls: [2557|5] REC[0x222ebd0]: Sent Packet[3] ChangeCipherSpec(20) in epoch 0 and length: 6
gnutls: [2557|5] REC[0x222ebd0]: Preparing Packet Handshake(22) with length: 16 and min pad: 0
gnutls: [2557|9] ENC[0x222ebd0]: cipher: AES-128-GCM, MAC: AEAD, Epoch: 1
gnutls: [2557|5] REC[0x222ebd0]: Sent Packet[1] Handshake(22) in epoch 1 and length: 45
gnutls: [2557|3] ASSERT: gnutls_buffers.c:1154
[...]
--8<---------------cut here---------------end--------------->8---
In the bad case, the client gets stuck for a few seconds in ‘recvfrom’
and eventually bails out (“Got 0 bytes from 0xd”).
The same loop with https://www.gnu.org/index.html or
https://hydra.gnu.org/logo works well, it seems, so it might be a
misconfiguration on mirror.hydra.gnu.org.
Ludo’.
next reply other threads:[~2016-04-18 22:31 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-04-18 22:29 Ludovic Courtès [this message]
2016-04-19 14:06 ` bug#23311: TLS handshake error Ludovic Courtès
2016-04-19 21:10 ` Ludovic Courtès
2016-04-19 21:51 ` Ludovic Courtès
2016-04-20 11:18 ` Ludovic Courtès
2016-04-20 11:31 ` Mathieu Lirzin
2016-04-20 15:32 ` Ludovic Courtès
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://guix.gnu.org/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87y48a7dpd.fsf@gnu.org \
--to=ludo@gnu.org \
--cc=23311@debbugs.gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).